How app dev puts business at risk — and what to do about it

In a recent survey, 43% of IT decision makers rated mobility — which is to say, mobile-friendly apps or sites — as the top business functionality or process that’s critical for applications. These days, the line between the web and mobility has blurred to the point of invisibility.

In particular, Potentially Unwanted Programs (PUPs), which often pose as legitimate apps while performing unauthorized actions (including collection of user and system data), were detected on 91 million systems each day. Also, after a decline, the number of new ransomware samples grew 155% in Q4 2014.

McAfee Labs now detects 387 new samples of malware every minute.

Understanding why

The Ponemon Institute study referenced above cites six reasons that mobile application development and web application development churn out so many insecure apps:

“Rush to release” produces vulnerable apps. Almost two-thirds of those surveyed say app security is sometimes sacrificed on the altar of customer demand or need.

Too often, mobile apps get tested infrequently and/or too late. Testing tends to occur in development or post-development rather than in production. Plus, 55% of respondents say they don’t test apps at all or are unsure if apps are tested.

It’s gonna get worse and there’s stalling. Some 61% of those queried say their organizations will need to address mobile app risks — but only 29% say they have ample resources for this.

Spending on mobile app security lags. While annual mobile app development spending stands at $34 million, only 5.5% of that goes to mobile app security.

Mobile app security policies are inadequate or nonexistent. Respondents say most employees are “heavy users of apps,” but 55% indicate their organization lacks a policy defining acceptable use of mobile apps in the workplace.